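<?php
/*
 * "Min side" (my page) for a logged-in customer.
 *
 * All request handling happens here, before the first byte of HTML is sent,
 * so that the Location headers below (and any that $user->redirectUser() may
 * send) can still be delivered. Three POST actions are recognised:
 *   save        - update contact details (name, address, country, zip, city)
 *   oldPassword - change the password after re-checking the current one
 *   emailEdit   - change the login e-mail
 *
 * $error is read later by editContact(): 1 = update failed, 2 = update ok,
 * null = nothing was submitted.
 */
include_once "../DB/db.php";
include_once '../Functions/mySiteFunctions.php';
include_once '../class/UserClass.php';
$error = null;

$user->redirectUser(); // redirect the user if admin or employee

if (!$user->isLoggedOn()) {
    // Not logged in: nothing below applies, send the visitor to registration.
    header('Location: registrer.php');
    exit;
}

// Every write below is scoped to the logged-in user's own row. The previous
// version hard-coded uid 1 for the password and e-mail updates, so a
// customer's e-mail edit landed on account 1 instead of their own.
$uid = $user->getUid();

if (isset($_POST['save'])) {
    // Resolve the posted country name to its id with a single lookup instead of
    // scanning the whole countries table in PHP.
    $lookup = $db->prepare('SELECT cid FROM countries WHERE country = :country');
    $lookup->execute([':country' => $_POST['country'] ?? '']);
    $cid = $lookup->fetchColumn();

    if ($cid === false) {
        $error = 1; // unknown country: refuse the update rather than executing with an unbound placeholder
    } else {
        $sth = $db->prepare(
            'UPDATE users SET givenname=:givenname, surename=:surename, address=:address1, '
            . 'country=:country, postnr=:postnr, poststed=:poststed WHERE uid=:id'
        );
        // execute() with an array binds by value, so a missing form field is not
        // silently created inside $_POST the way bindParam() (by reference) did.
        $updated = $sth->execute([
            ':id'        => $uid,
            ':givenname' => $_POST['givenname'] ?? '',
            ':surename'  => $_POST['surename'] ?? '',
            ':address1'  => $_POST['address1'] ?? '',
            ':country'   => $cid,
            ':postnr'    => $_POST['zip'] ?? '',
            ':poststed'  => $_POST['state'] ?? '',
        ]);
        $error = $updated ? 2 : 1;
    }
} elseif (isset($_POST['oldPassword'])) {
    // Change password: the current password must match the logged-in user's row.
    // FIXME(security): the stored password is an unsalted md5 digest (this page's
    // own re-check compares md5 of the submitted value), so the new value is hashed
    // the same way to keep the account usable -- assumes the login page hashes the
    // same way, confirm. Moving to password_hash()/password_verify() needs the login
    // code changed too, so it is flagged here rather than done.
    $check = $db->prepare('SELECT uid FROM users WHERE uid=:uid AND password=:pwd');
    $check->execute([':uid' => $uid, ':pwd' => md5($_POST['oldPassword'])]);
    $newPassword = $_POST['password'] ?? '';

    if (!$check->fetch()) {
        header('Location: mySite.php?pass=error'); // wrong current password: back with an error flag
        exit;
    } elseif ($newPassword === '') {
        $error = 1; // never store an empty password
    } else {
        // Placeholder names and the executed statement now agree: the original
        // bound ':uid' against a ':id' placeholder and then re-ran the SELECT.
        $update = $db->prepare('UPDATE users SET password=:pwd WHERE uid=:id');
        $updated = $update->execute([':pwd' => md5($newPassword), ':id' => $uid]);
        $error = $updated ? 2 : 1;
    }
} elseif (isset($_POST['emailEdit'])) {
    // Edit the username (e-mail); reject anything that is not an address.
    $email = $_POST['emailEdit'];
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $error = 1;
    } else {
        $sth1 = $db->prepare('UPDATE users SET email=:email WHERE uid=:id');
        $result = $sth1->execute([':email' => $email, ':id' => $uid]);
        $error = $result ? 2 : 1;
    }
}
?>
<!DOCTYPE html>
<html>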
    <head>
        <title>Nettbutikk</title>
        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
        <link rel="stylesheet" type="text/css" href="../CSS/mainFrame.css" />
        <link rel="stylesheet" type="text/css" href="../CSS/content.css" />
    </head>
    <body>
        <div class="wrapper">
            <?php
            // Shared page frame (header, menu bar, sidebar) used by every view.
            include_once '../MainFrame/header.php';
            include_once '../MainFrame/menuBar.php';
            include_once '../MainFrame/sideBar.php';
            ?>

            <div class="content">
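                <?php
                // Only a logged-in customer gets the page body. Which editor is
                // shown is driven by the query string of the links in the list
                // below: ?pass= -> password form, ?user= -> username form,
                // anything else -> contact form.
                if ($user->isLoggedOn()) {
                    ?>
                    <h1>Min side</h1> 
                    <div id="editProfile">
                        <?php
                        if (isset($_REQUEST['pass'])) { // edit password
                            editPassword();
                        } elseif (isset($_REQUEST['user'])) { // edit username
                            editUsername($db);
                        } else {
                            // $error carries the outcome of a POST handled at the top of the page
                            editContact($db, $error); // edit contact
                        }
                        ?>
                    </div>  
                    <dl id="myProfileList">
                        <dt><h3>Ordre informasjon</h3></dt>
                        <dd><a href="/Views/showOrders.php?aktive=aktive" class="profileList">Se aktive ordre</a></dd>
                        <dd><a href="/Views/showOrders.php" class="profileList">Se alle ordre</a></dd>
                        <dt><h3>Endre passord og brukernavn</h3></dt>
                        <dd><a href="mySite.php?pass=pass" class="profileList">Endre passord</a></dd>
                        <dd><a href="mySite.php?user=user" class="profileList">Endre brukernavn</a></dd>
                        <dt><h3>Hjelp informasjon</h3></dt>                        
                        <dd><a href="hjelp.php" class="profileList">Skade på vare</a></dd>
                        <dd><a href="myEmpSite.php" class="profileList">Skade på meg</a></dd>
                        <dd><a href="hjelp.php" class="profileList">Hvordan hente faktura</a></dd><br>
                        <dd id="profilListEnd">Ved andre henvendelser kan du sende mail til<br>
                            dummy@dummy.no eller gå til vår <a href="contact.php">kontakt side</a>
                        </dd>                    
                    </dl>
                    <?php
                } else {
                    // Not logged in. The document head has already been sent at this
                    // point, so the Location header can only take effect if output
                    // buffering is active; exit still stops the rest of the page from
                    // being rendered to an anonymous visitor.
                    header("Location: registrer.php");
                    exit;
                }
                ?>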
            </div>
            <?php
            // Shared page footer, closes the frame opened by header.php.
            include_once '../MainFrame/footer.php';
            ?>
        </div>
    </body>
</html>